A leading medical-research institution working on a cure for Covid-19 has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation witnessed by BBC News.
The Netwalker criminal gang attacked University of California San Francisco (UCSF) on 1 June.
IT staff unplugged computers in a race to stop the malware spreading.
And an anonymous tip-off enabled BBC News to follow the ransom negotiations in a live chat on the dark web.
Cyber-security experts say these sorts of negotiations are now happening all over the world - sometimes for even larger sums - against the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre.
Netwalker alone has been linked to at least two other ransomware attacks on universities in the past two months.Image caption Netwalker's dark web website used for negotiations with victims
At first glance, its dark-web homepage looks like a standard customer-service website, with a frequently asked questions (FAQ) tab, an offer of a "free" sample of its software and a live-chat option.
But there is also a countdown timer ticking down to a time when the hackers either double the price of their ransom, or delete the data they have scrambled with malware.
Instructed to log in - either by email or a ransom note left on hacked computer screens - UCSF was met with the following message, posted on 5 June....